CVE-2025-15437
Unknown Unknown - Not Provided
Cross-Site Scripting in LigeroSmart Environment Variable Handler

Publication date: 2026-01-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUEST_URI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 6.1.26 and 6.3 is able to mitigate this issue. The patch is named 264ac5b2be5b3c673ebd8cb862e673f5d300d9a7. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15437
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ligerosmart ligerosmart to 6.1.24 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15437 is a reflected Cross-Site Scripting (XSS) vulnerability in LigeroSmart versions up to 6.1.24. It occurs due to improper sanitization of the REQUEST_URI environment variable, which is user-controllable. An attacker can manipulate the REQUEST_URI argument to inject malicious HTML or JavaScript code that gets reflected in HTTP responses, allowing execution of arbitrary scripts in the context of other users' browsers. This vulnerability affects the Environment Variable Handler component and can be exploited remotely with user interaction. [2, 4, 5]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript code in the context of the vulnerable web application. This can lead to session hijacking, defacement, or other malicious activities such as stealing sensitive information or performing actions on behalf of the user. Since the attack is reflected and requires user interaction, it can be used to compromise user trust and application integrity. [4, 5]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests for suspicious or malicious payloads injected into the REQUEST_URI, especially those containing HTML or JavaScript code that could trigger XSS. A practical approach is to capture and inspect HTTP traffic to the LigeroSmart application for unusual URL paths containing script tags or event handlers like 'oncontentvisibilityautostatechange'. For example, using command-line tools like curl or wget to send crafted requests with suspicious payloads to test if the server reflects them unsanitized. Additionally, network packet capture tools such as tcpdump or Wireshark can be used to analyze incoming requests for malicious patterns. Example command to test manually with curl: curl -v 'http://your-ligerosmart-server/otrs/<input type="hidden" oncontentvisibilityautostatechange="alert(1)" style="content-visibility:auto">'. If the response reflects the injected code without sanitization, the system is vulnerable. [5]

Mitigation Strategies

The immediate mitigation step is to upgrade LigeroSmart to version 6.1.26 or later (including 6.3), which contain the patch that properly sanitizes the REQUEST_URI environment variable to prevent XSS attacks. The patch identified by commit 264ac5b2be5b3c673ebd8cb862e673f5d300d9a7 sanitizes dangerous characters and control characters from REQUEST_URI and ensures safe HTTP redirects. Until the upgrade is applied, consider implementing web application firewall (WAF) rules to block suspicious requests containing script injections in the URL path. Avoid using vulnerable versions (up to 6.1.24) in production environments. [2, 3, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15437. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart